







(cover)

"THERE'S SO MUCH NETWORKING STUFF TO LEARN!"

"NOT SO BAD! LET'S LEARN THE IDEAS ONE AT A TIME!"

"NETWORKING ISN'T MAGIC, BUT I SURE FEEL LIKE A WIZARD NOW!"





Cast of characters

in your house:
  your laptop (that you use to look at cats)
  your home router (knows how to do networking)

computers you'll talk to:
  jvns.ca server (has cat picture)
  DNS server (knows which server hosts jvns.ca)

in the middle:
  intermediate routers on the internet
  packets





What's this?

Hi! I'm Julia.

I put a picture of a cat on the internet here:

    jvns.ca/cat.png   (go look!)

In this zine, we'll learn everything (mostly) that
needs to happen to get that cat picture from my
server to your laptop.

My goal is to help get you from:

  "I've been working as a web developer for a year.
   I've heard about some of these HTTP/DNS/TCP
   things, but I don't understand how they work exactly or
   how they all fit together."

to:

  "Oh, here's a networking problem! I totally
   know where to start!"





let's start with: the packet

All data is sent over the internet in "packets". A
packet is a series of bits (01101001...) and it's split
into sections (the first few of which are "headers").

Here's what a UDP packet that says "mangotea"
looks like. It's 50 bytes (400 bits) in all!













  "Julia, I don't understand this diagram."
  "We are going to work on explaining it!"





<------------------------- 32 bits ------------------------->

Ethernet frame header (14 bytes):
  destination MAC | source MAC addr | type

IP header (20 bytes = 160 bits):
  ... | protocol | ...
  source IP address
  destination IP address   <- this tells routers what IP to send the packet to

UDP header (8 bytes = 64 bits):
  source port | destination port
  length      | checksum
  (a TCP packet would have a TCP header instead here)

the packet's "contents" go here:
  "mangotea"   <- ASCII characters are 1 byte, so "mangotea" = 8 bytes

14 + 20 + 8 + 8 = 50 bytes

steps to get a cat picture from jvns.ca/cat.png

When you download an image, there are a LOT of
networking moving pieces. Here are the basic steps,
which we'll explain in the next few pages.

(1) get the IP address for jvns.ca
    laptop -> DNS server: "where is jvns.ca?"
    DNS server -> laptop: "104.28.7.94"

(2) open a socket (ask the operating system for one)

(3) open a TCP connection to 104.28.7.94 port 80
    this is a "TCP handshake"; we'll explain it in the TCP section

(4) send an HTTP request:
    GET /cat.png HTTP/1.1
    Host: jvns.ca
    User-Agent: curl

(5) get a cat back:
    HTTP/1.1 200 OK
    Content-Type: image/png
    Content-Length: 123123

    (PNG BYTES)

(6) close the connection, maybe put the bytes in a file,
    look at cats, definitely.








DNS

Step 1: get the IP address for jvns.ca

All networking happens by sending packets. To send a
packet to a server on the internet, you need an
IP address, like 104.28.7.94.

jvns.ca and google.com are domain names. DNS (the
"Domain Name System") is the protocol we use to get
the IP address for a domain name.

  laptop -> DNS server (DNS request):  "what's the IP for jvns.ca?"
  DNS server -> laptop (DNS response): "it's 104.28.7.94"

The DNS request & response are both usually UDP packets.

When you run $ curl jvns.ca/cat.png:

  curl calls the getaddrinfo function with "jvns.ca"
  -> getaddrinfo finds the system DNS server (like 8.8.8.8)
  -> getaddrinfo makes a DNS request to 8.8.8.8
  -> obtains the IP address: 104.28.7.94

Your system's default DNS server is often configured
in /etc/resolv.conf.

8.8.8.8 is Google's DNS server, and lots of people use it.
Try it if your default DNS server isn't working!


There are 2 kinds of DNS servers:

recursive:      "I can get you an IP address for any
                 website by asking the right authoritative
                 server!"

authoritative:  "Wanna know where jvns.ca is? Talk to ME!"
                (like art.ns.cloudflare.com)


When you query a recursive DNS server, here's what happens:

  recursive DNS server -> root DNS server:   "where's .ca?"
    (the recursive DNS server keeps a permanent list of root servers)
  recursive DNS server -> .ca DNS server:    "where's jvns.ca?"
  recursive DNS server -> ns.cloudflare.com: "what's the IP for jvns.ca?"
  ns.cloudflare.com -> recursive DNS server: "104.28.7.94 and 104.28.6.94"

  "I have to talk to THREE authoritative DNS servers?"  "Okay!"


Recursive DNS servers usually cache DNS records.

Every DNS record has a TTL ("time to live") that says
how long to cache it for. You often can't force them to
update their cache. You just have to wait:

  "I updated my DNS records, but when I visit the
   site in my browser I see the old version!"

  ... 20 minutes later, after the recursive DNS server's
  cache updates, the new version shows up.





let's make DNS requests!

When you're setting up DNS for a new domain, often this happens:

  recursive DNS server: "I don't know what that is yet." (NXDOMAIN)

Here's how you can make DNS queries from the
command line to understand what's going on:

$ dig jvns.ca

;; ANSWER SECTION
jvns.ca.   268   IN   A   104.28.6.94
jvns.ca.   268   IN   A   104.28.7.94

;; SERVER: 127.0.1.1#53

  268:     this record expires after 268 seconds (that's the TTL)
  A:       an A record is an IP address (an IPv4 one)
  SERVER:  the DNS server I'm using
  There can be lots of IP addresses for one domain!

$ dig @8.8.8.8 jvns.ca

  8.8.8.8 is Google's recursive DNS server. @8.8.8.8 queries that
  instead of the default.

$ dig +trace jvns.ca

.          502441  IN  NS  (a root DNS server)
ca.        172800  IN  NS  c.ca-servers.net.
jvns.ca.   86400   IN  NS  art.ns.cloudflare.com.
jvns.ca.   300     IN  A   104.28.6.94

  these are the authoritative servers a recursive DNS
  server has to query to get an IP for jvns.ca.

  dig +trace basically does the same thing a recursive DNS
  server would do to find your domain's IP.
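To see that a DNS request really is just a small UDP packet, here is an added example (not from the zine) that builds the bytes of an A query for jvns.ca by hand, parses a response carrying two A records with TTLs like the dig output above, and can optionally send the query to a recursive server such as 8.8.8.8. The response bytes are constructed locally so the example runs offline; the 104.28.x.94 addresses and the TTL of 268 are simply the values dig showed, not anything looked up here.

```python
import socket
import struct

# Added example (not from the zine): the DNS wire format that getaddrinfo and dig
# speak. build_a_response() fakes what a recursive server would send back, so
# everything below runs without a network; send_query() does the real UDP exchange.

def encode_name(name: str) -> bytes:
    """'jvns.ca' -> b'\\x04jvns\\x02ca\\x00' (length-prefixed labels, zero terminator)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_a_query(name: str, txid: int = 0x1234) -> bytes:
    # header: id, flags (RD=1 means "please recurse for me"), QDCOUNT=1, AN/NS/AR=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    return header + question

def decode_name(msg: bytes, offset: int):
    """Read a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                        # the pointer itself is 2 bytes
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)

def parse_response(msg: bytes, expected_txid=None):
    """Return (rcode, [(name, ttl, ipv4), ...]) for the A records in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: not an answer to our question")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F                              # 0 = NOERROR, 3 = NXDOMAIN
    offset = 12
    for _ in range(qd):                                 # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                                     # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:                   # A record: a 4-byte IPv4 address
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return rcode, answers

def build_a_response(query: bytes, records, rcode: int = 0) -> bytes:
    """Constructed reply: echo the question, then one A record per (ttl, ip),
    naming the owner with a pointer (0xc00c) back to the question at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (rcode & 0xF)                      # QR=1, RD=1, RA=1
    header = struct.pack("!HHHHHH", txid, flags, 1, len(records), 0, 0)
    body = query[12:]
    for ttl, ip in records:
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        body += bytes(int(o) for o in ip.split("."))
    return header + body

def send_query(server_ip: str, name: str, timeout: float = 2.0):
    """Real UDP round trip to a recursive server (e.g. 8.8.8.8); needs network access."""
    query = build_a_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        reply, _ = s.recvfrom(512)
    return parse_response(reply, expected_txid=0x1234)
```

Two details matter for anyone reusing this: the transaction id check is what stops a stray (or deliberately spoofed) response from being accepted as the answer to your question, and a real client should also randomise the id and the source port rather than fixing them as this example does for readability.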





Sockets

Step (2): Now that we have an IP address,
the next step is to open a socket!
Let's learn what that is.

your program doesn't know how to do TCP:
  program: "idk what 'TCP' is. I just want to get a webpage. OS, help?"

what using sockets is like:
  step 1: ask the OS for a socket
  step 2: connect the socket to an IP address and port
  step 3: write to the socket to send data

4 common socket types:
  TCP socket          - to use TCP
  UDP socket          - to use UDP
  raw socket          - for ULTIMATE POWER. ping uses this to send ICMP packets.
  Unix domain socket  - to talk to programs on the same computer

when you connect with a TCP socket:
  laptop -> server: SYN
  server -> laptop: SYN ACK
  laptop -> server: ACK
  (we'll explain this SYN ACK thing soon)

When you write to a socket, the operating system
splits it up into packets and sends it for you.
  program: "this socket interface does so much work for me!"





TCP: how to reliably get a cat

Step 3 in our plan is "open a TCP connection!"
Let's learn what this "TCP" thing even is.

When you send a packet, sometimes it gets lost.

TCP lets you send a stream of data reliably, even if
packets get lost or sent in the wrong order.

how to know what order the packets should go in:
Every packet says what range of bytes it has. Like this:

  "once upon a ti"      bytes 0-13
  "agical oyster"       bytes 30-42
  "me there was a m"    bytes 14-29

Then the client can assemble all the pieces into:
  "once upon a time there was a magical oyster"

The position of the first byte (0, 14, 30 in our example)
is called the "sequence number".

how to deal with lost packets:
When you get TCP data, you have to acknowledge it (ACK):

  server -> laptop: "here is part of a cat picture! that should be
                     28832 bytes so far"
  laptop -> server: "ACK! I have received all 28832 bytes"

If the server doesn't get an ACKnowledgement, it will retry
sending the data.
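An added example, not from the zine: a toy receiver that reassembles segments by sequence number and answers with a cumulative ACK, plus a sender that retransmits anything that hasn't been ACKed. It models only those two ideas (no real sockets, no windows, no timers); "loss" is simulated by dropping a segment's first transmission. The message and byte ranges are the oyster example above.

```python
# Added example (not from the zine): the two TCP jobs described above,
# reassembly by sequence number and cumulative acknowledgement, as a toy model.

class Receiver:
    def __init__(self, initial_seq: int = 0):
        self.next_seq = initial_seq       # first byte we have NOT got yet = the ACK we send
        self.pending = {}                 # seq -> data that arrived early (a gap before it)
        self.delivered = bytearray()      # in-order bytes handed to the application

    def receive(self, seq: int, data: bytes) -> int:
        """Take one segment, deliver whatever is now contiguous, return the cumulative ACK."""
        if seq + len(data) <= self.next_seq:
            return self.next_seq          # old data: a retransmit of something we already have
        if seq > self.next_seq:
            self.pending[seq] = data      # hole before it: buffer, ACK number stays put
            return self.next_seq
        self._deliver(data[self.next_seq - seq:])      # drop any already-delivered prefix
        while self.next_seq in self.pending:            # gap filled: drain buffered segments
            self._deliver(self.pending.pop(self.next_seq))
        return self.next_seq

    def _deliver(self, data: bytes) -> None:
        self.delivered += data
        self.next_seq += len(data)


class Sender:
    def __init__(self, data: bytes, boundaries):
        """Split data into segments starting at the given byte offsets."""
        starts = sorted(boundaries)
        ends = starts[1:] + [len(data)]
        self.segments = [(s, data[s:e]) for s, e in zip(starts, ends)]
        self.acked_upto = 0               # everything before this byte is known to have arrived

    def unacked(self):
        return [(s, d) for s, d in self.segments if s + len(d) > self.acked_upto]

    def on_ack(self, ack: int) -> None:
        self.acked_upto = max(self.acked_upto, ack)     # ACKs are cumulative, never go backwards


def simulate(message: bytes, boundaries, lose_once=()):
    """Resend every unACKed segment each round until all are ACKed. Segments whose
    seq is in lose_once vanish on their first transmission only.
    Returns (reassembled bytes, number of rounds it took)."""
    sender, receiver = Sender(message, boundaries), Receiver()
    lost, rounds = set(lose_once), 0
    while sender.unacked():
        rounds += 1
        for seq, data in sender.unacked():
            if seq in lost:
                lost.discard(seq)         # dropped this time; the retry will get through
                continue                  # and no ACK comes back for it
            sender.on_ack(receiver.receive(seq, data))
    return bytes(receiver.delivered), rounds


MESSAGE = b"once upon a time there was a magical oyster"   # bytes 0-42, as in the zine
```

Notice that when segment 14-29 is lost, the receiver still gets 30-42 first and keeps it, but keeps answering "ACK 14" until the hole is filled; one retransmission then releases everything. That is the same behaviour you see in a packet capture as repeated ACKs with the same number followed by a retransmission.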





The TCP handshake

Here's what a TCP header looks like:

  <------------------------ 32 bits ------------------------>
  | source port             | destination port              |
  | Sequence Number                                         |
  | Acknowledgement Number                                  |
  | offset | reserved | flags| Window                       |
  | Checksum                | Urgent Pointer                |
  | Options ...                                             |

  the "sequence number" lets you assemble packets in the right order

Every TCP connection starts with a "handshake". This makes sure
both sides of the connection can communicate with each other.

  laptop -> server: SYN
  server -> laptop: SYN ACK
  laptop -> server: ACK

But what do "SYN" and "ACK" mean? Well! TCP headers have 6
single-bit flags (SYN, ACK, RST, FIN, PSH, URG) that you can set
(you can see them in the diagram; newer TCP adds a few more like
ECE and CWR). A SYN packet is a packet with the SYN flag set to 1.

When you see "connection refused" or "connection timeout" errors,
that means the TCP handshake didn't finish!
Here's what a TCP handshake looks like in tcpdump:

$ sudo tcpdump host jvns.ca

localhost:51104 > 104.28.6.94:80  Flags [S]    <-
104.28.6.94:80  > localhost:51104 Flags [S.]   <- TCP handshake
localhost:51104 > 104.28.6.94:80  Flags [.]    <-

  104.28.6.94 is jvns.ca's IP address
  S is for SYN
  . is for ACK

HTTP

Step 4: Finally we can request cat.png!

Every time you get a webpage or see an image online,
you're using HTTP.

HTTP is a pretty simple plaintext protocol. In fact, it's so
simple that you can make an HTTP request by hand right
now. Let's do it!

$ printf "GET / HTTP/1.1\r\nHost: example.com\r\n\r\n" | nc example.com 80

the nc command ("netcat") sets up a TCP connection to
example.com and sends the HTTP request you wrote!
The response we get back looks like:

HTTP/1.1 200 OK
Content-Length: 120321
... headers ...

<html>
<body>
.... more HTML






  "I've heard of HTTP/2, what's that?"

HTTP/2 is the next version of HTTP. Some big differences
are that it's a binary protocol, you can make multiple
requests at the same time over one connection, and in
practice you have to use TLS (browsers only speak HTTP/2
over TLS).


important HTTP headers

This is an HTTP request:

  GET /cat.png HTTP/1.1
  Host: jvns.ca
  User-Agent: zine

The User-Agent and Host lines are called "headers".
They give the webserver extra information about
what webpage you want!

the Host header is my favorite!

  laptop -> jvns.ca server: "GET /cat.png"
  server: "dude, do you even know how many websites I
           serve? You gotta be more specific."
  laptop -> server: "GET /cat.png ... Host: jvns.ca"
  server: "NOW we're talking."

Most servers serve lots of different websites. The
Host header lets you pick the one you want!




















Servers also send response headers with extra information
about the response.

More useful headers:

User-Agent:       Lots of servers use this to check if you're using
                  an old browser or if you're a bot.

Accept-Encoding:  Want to save bandwidth? Set this to "gzip" and
                  the server might compress your response.

Cookie:           When you're logged into a website, your browser
                  sends data in this header! This is how the server
                  knows you're logged in.
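Here's the whole thing in one place: an added example (not from the zine) of the three socket steps from the Sockets page, used to make an HTTP request by hand against a tiny HTTP/1.1 server on 127.0.0.1 that hosts two made-up sites, picks one by the Host header, and gzips the body when the client sends Accept-Encoding: gzip. The hostnames cats.example and dogs.example are invented and never go through DNS; the server is example code, not how jvns.ca is served.

```python
import gzip
import socket
import threading

# Added example (not from the zine): a minimal virtual-hosting HTTP/1.1 server on
# localhost plus a hand-rolled client. Sites, hostnames and bodies are made up.

SITES = {
    b"cats.example": b"<html><body>cat.png lives here</body></html>",
    b"dogs.example": b"<html><body>no cats here, only dogs</body></html>",
}

def parse_headers(header_block: bytes) -> dict:
    """Turn 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in header_block.split(b"\r\n"):
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers

def build_response(status: bytes, headers: dict, body: bytes) -> bytes:
    out = b"HTTP/1.1 " + status + b"\r\n"
    for name, value in {**headers, b"Content-Length": str(len(body)).encode()}.items():
        out += name + b": " + value + b"\r\n"
    return out + b"\r\n" + body                           # blank line ends the headers

def handle(conn: socket.socket) -> None:
    """One request per connection: read up to the blank line, answer, close."""
    raw = b""
    while b"\r\n\r\n" not in raw:
        chunk = conn.recv(4096)
        if not chunk:
            conn.close()
            return
        raw += chunk
    head, _, _ = raw.partition(b"\r\n\r\n")
    _request_line, _, header_block = head.partition(b"\r\n")
    headers = parse_headers(header_block)
    host = headers.get(b"host", b"").split(b":")[0]        # "Host: name[:port]"
    if host not in SITES:
        resp = build_response(b"400 Bad Request", {b"Content-Type": b"text/plain"},
                              b"Which site? Send a Host header I know.\n")
    else:
        body = SITES[host]
        resp_headers = {b"Content-Type": b"text/html"}
        if b"gzip" in headers.get(b"accept-encoding", b""):   # client said gzip is fine
            body = gzip.compress(body)
            resp_headers[b"Content-Encoding"] = b"gzip"
        resp = build_response(b"200 OK", resp_headers, body)
    conn.sendall(resp)
    conn.close()

def start_server() -> socket.socket:
    """Listen on a free port on 127.0.0.1; handle each connection in its own thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                             # port 0: let the OS pick one
    srv.listen()
    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:                                # srv.close() was called
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def fetch(port: int, host_header: bytes, path: bytes = b"/cat.png", accept_gzip: bool = False):
    """Return (status code, response headers, decoded body)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # step 1: ask the OS for a socket
    s.connect(("127.0.0.1", port))                         # step 2: connect (the handshake happens here)
    lines = [b"GET " + path + b" HTTP/1.1", b"Host: " + host_header, b"User-Agent: zine"]
    if accept_gzip:
        lines.append(b"Accept-Encoding: gzip")
    lines.append(b"Connection: close")
    s.sendall(b"\r\n".join(lines) + b"\r\n\r\n")            # step 3: write to the socket
    raw = b""
    while True:                                            # the server closes when it is done
        chunk = s.recv(4096)
        if not chunk:
            break
        raw += chunk
    s.close()
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split(b" ")[1])
    headers = parse_headers(header_block)
    if headers.get(b"content-encoding") == b"gzip":
        body = gzip.decompress(body)
    return status, headers, body
```

The server never looks at the destination IP to decide which site you meant; that decision is made entirely from the Host header, which is exactly why an unknown or missing Host gets a 400 here and why, on real shared hosting, the Host value is attacker-controlled input that must not be trusted for things like building redirect URLs.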


... and now for even MORE!

We've covered the basics of how to download a cat
picture now! But there's a lot more to know!
Let's talk about a few more topics.

We'll explain a little more about networking protocols:
  -> what a port actually is
  -> how a packet is put together
  -> security: how SSL works
  -> the different networking layers
  -> UDP and why it's amazing

and how packets get sent from place to place:
  -> how packets get sent in a local network
  -> how packets get from your house to jvns.ca
  -> networking notation

let's learn MORE!


networking layers

I don't always find this useful, but it's good
to know what "layer 4" means.

Networking layers mostly correspond to
different sections of a packet:

  Layer 1: wires + radio waves

  Layer 2: Ethernet/wifi protocol
    [destination MAC | source MAC | type]
    your network card understands it

  Layer 3: IP addresses
    [... | source IP address | destination IP address]
    routers look at this to decide where to send the packet next

  Layer 4: TCP/UDP
    [source port | destination port | ...]
    where you get your ports! Routers ignore this layer, mostly.

  Layer 7: HTTP and friends
    DNS queries, emails, etc. go here.

  router: "I only know about IP addresses. I don't even know
           what a port is, let alone what the packet says."
          (ignores layer 4 and above)

which layer?
  network card  - layers 1+2
  home router   - layers 2+3+4
  applications  - mostly layer 7, but also layer 4 for the port

The cool thing is that the layers are mostly independent
of each other - you can change the IP address (layer 3)
and not worry about layers 4+7.


what's a "port"?

Ports are part of the TCP and UDP protocols.
(TCP port 444 and UDP port 444 are different!)
When you send a TCP message, you want to talk
to a specific kind of program.

This would be bad:
  "I want to see a webpage"
  "Uh, I'm a mail server, so..."

We want to have different kinds of programs on
the same server. So every TCP/UDP packet has two 16-bit
port numbers on it (source and destination), between
1 and 65535 (port 0 is reserved):

  "here's a TCP packet with port 80 on it!"

  DNS:        UDP port 53
  HTTP:       TCP port 80
  HTTPS:      TCP port 443
  SMTP:       TCP port 25
  Minecraft:  TCP + UDP port 25565





UDP
User Datagram Protocol

DNS sends requests using UDP. UDP is a really simple
(and unreliable) protocol. The packets look like this:

  ~ IP stuff ~
  UDP header: source port | destination port | length | checksum
  ~ packet contents ~

When you send UDP packets they might arrive:
  - out of order
  - not at all: any packet can get lost,
    but UDP won't do anything to help you.

Packet sizes are limited: you need to decide how to
organize your data into packets manually.

  "I'm gonna put 3000 characters in this packet"
  "nope, that won't fit. 1500 bytes is probably a better size.*
   ... some bytes in this packet, 747 bytes in that one..."

  * packet sizes are actually a super interesting topic. Search "MTU".

VPNs use UDP:
  "I want to talk to 12.12.12.12"
  "stuff all your data into UDP packets, send them to me,
   and I'll pass them along."

Streaming video often uses UDP.
Read http://hpbn.co/webrtc for a GREAT discussion of
using UDP in a real-time protocol.
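Since UDP won't split your data for you, here's an added example (not from the zine) of doing it yourself: a 4-byte chunk header of our own design, payloads sized to fit a 1500-byte Ethernet MTU after the IPv4 and UDP headers, and a reassembler that accepts chunks in any order and reports which ones went missing. The header format is made up for this example; real protocols built on UDP (QUIC, RTP, ...) each define their own, and round_trip_over_loopback() only shows the same chunks passing through real UDP sockets on 127.0.0.1.

```python
import socket
import struct

# Added example (not from the zine): manual chunking and reassembly for UDP.
# The 4-byte (index, total) header is a constructed format, not a standard.

ETHERNET_MTU = 1500
MAX_UDP_PAYLOAD = ETHERNET_MTU - 20 - 8        # minus IPv4 header, minus UDP header = 1472

CHUNK_HEADER = struct.Struct("!HH")            # chunk index, chunk count (both 16-bit)

def chunk(data: bytes, max_payload: int = MAX_UDP_PAYLOAD):
    """Split data into datagram payloads, each at most max_payload bytes."""
    room = max_payload - CHUNK_HEADER.size
    if room <= 0:
        raise ValueError("max_payload too small for the chunk header")
    pieces = [data[i:i + room] for i in range(0, len(data), room)] or [b""]
    if len(pieces) > 0xFFFF:
        raise ValueError("too many chunks for a 16-bit index")
    return [CHUNK_HEADER.pack(i, len(pieces)) + piece for i, piece in enumerate(pieces)]

def reassemble(datagrams):
    """Accept datagrams in any order (duplicates are fine).
    Returns (data, []) when complete, or (None, missing_indexes) when not."""
    got, total = {}, None
    for d in datagrams:
        if len(d) < CHUNK_HEADER.size:
            raise ValueError("runt datagram")
        index, count = CHUNK_HEADER.unpack_from(d)
        if total is None:
            total = count
        elif count != total:
            raise ValueError("datagram belongs to a different message")
        if index >= total:
            raise ValueError("chunk index out of range")
        got[index] = d[CHUNK_HEADER.size:]      # a duplicate just overwrites
    if total is None:
        return None, []
    missing = [i for i in range(total) if i not in got]
    if missing:
        return None, missing                   # UDP won't resend; that's now our problem
    return b"".join(got[i] for i in range(total)), []

def round_trip_over_loopback(datagrams):
    """Push the datagrams through a real UDP socket pair on 127.0.0.1 and reassemble
    whatever arrives. One recvfrom() returns one whole datagram, never half of one."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    rx.settimeout(1.0)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for d in datagrams:
        tx.sendto(d, rx.getsockname())
    received = []
    try:
        for _ in datagrams:
            received.append(rx.recvfrom(65535)[0])
    except socket.timeout:
        pass                                   # anything that never showed up is "lost"
    tx.close()
    rx.close()
    return reassemble(received)
```

The count field in every chunk is what lets the receiver notice loss at all; without it, a missing last chunk would be indistinguishable from a short message. Retransmission, timeouts and ordering guarantees are still yours to build, which is the real cost of choosing UDP over TCP.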





Local networking
aka "how to talk to a computer in the same room"

Every computer is in a subnet. Your subnet is the
list of computers that you can talk to directly.

  [your printer]  [your laptop]  [your phone]  [router]

What does it mean to talk "directly" to another
computer? Well, every computer on the internet has a
network card with a MAC address.

  network card: "hello! you can call me 0a:58:47:..."

Your laptop's IP address changes if you go to an
internet cafe, but its MAC address doesn't.
(Well, unless it's randomizing its MAC address per
network, which modern phones and laptops often do for privacy.)

When you send a packet to a computer in your subnet,
you put the computer's MAC address on it. To
get the right MAC, your computer uses a
protocol called ARP: "Address Resolution Protocol".

You can run arp -na to see the contents of the ARP
table on your computer. It should look like this:

$ arp -na
? (192.168.1.120) at 34:53:30:30:31:38 [ether] on wlp3s0

  (that's the MAC for 192.168.1.120, my printer)


How packets get sent across the ocean

  "I have a packet for 104.28.7.94, but how do I get it
   through this INTERNET?"

  your laptop -> home router -> intermediate routers
  -> cable under the OCEAN -> 104.28.7.94 (the server)

When a packet arrives at a router:
  packet (destination: 104.28.7.94) -> router -> possible next steps.
  Where will the packet go?

Routers use a protocol called BGP to decide
what router the packet should go to next.

A packet can take a lot of different routes
to get to the same destination!

The route it takes to get from
A -> B might be different from B -> A.

Exercise:
Run traceroute google.com to see what
steps your packet takes to get to google.com.


Notation time!   10.0.0.0/8

People often describe groups of IP addresses using
CIDR notation.

important examples:

  CIDR          range of IPs
  10.0.0.0/8    10.*.*.*
  10.9.0.0/16   10.9.*.*
  10.9.3.0/24   10.9.3.*

10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12 are reserved
for local networking.

In CIDR notation, a /n gives you 2^(32-n)
IP addresses. So a /24 is 2^8 = 256 IPs.

It's important to represent groups of IP addresses
efficiently because routers have LOTS TO DO.

  router: "Is 192.168.3.2 in the subnet 192.168.0.0/16?
           I can do some really fast bit arithmetic and find out!"

The IP address 10.9.0.0 is this in binary:

  00001010 00001001 00000000 00000000
  |------ first 24 bits -----|

10.9.0.0/24 is all the IP addresses which have the same
first 24 bits as 10.9.0.0!
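Here's that bit arithmetic written out, as an added example (not from the zine): parse a CIDR range into a network and mask, test membership with one AND, count addresses, and do the longest-prefix-match lookup a router performs against its routing table. It deliberately avoids Python's ipaddress module so every mask operation is visible; the routes and next-hop names used in the test are made up.

```python
# Added example (not from the zine): CIDR arithmetic by hand, plus the
# longest-prefix-match lookup that routers do with it.

def ip_to_int(ip: str) -> int:
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError("expected 4 octets: %r" % ip)
    n = 0
    for p in parts:
        octet = int(p)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range: %r" % ip)
        n = (n << 8) | octet
    return n

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(ip: str) -> str:
    """'10.9.0.0' -> '00001010 00001001 00000000 00000000'"""
    return " ".join(format((ip_to_int(ip) >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))

def parse_cidr(cidr: str):
    """'10.9.3.77/24' -> (network as int, mask as int, prefix length).
    Host bits are cleared, so 10.9.3.77/24 means the same range as 10.9.3.0/24."""
    ip, _, prefix = cidr.partition("/")
    prefix = int(prefix) if prefix else 32
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32: %r" % cidr)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # n ones followed by zeros
    return ip_to_int(ip) & mask, mask, prefix

def contains(cidr: str, ip: str) -> bool:
    """Same first n bits <=> same value after masking: one AND and one compare."""
    network, mask, _ = parse_cidr(cidr)
    return (ip_to_int(ip) & mask) == network

def size(cidr: str) -> int:
    return 1 << (32 - parse_cidr(cidr)[2])               # 2^(32-n) addresses

def address_range(cidr: str):
    """First and last address in the range (network and broadcast for a subnet)."""
    network, mask, _ = parse_cidr(cidr)
    return int_to_ip(network), int_to_ip(network | (~mask & 0xFFFFFFFF))

PRIVATE_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")   # the reserved local ranges

def is_private(ip: str) -> bool:
    return any(contains(r, ip) for r in PRIVATE_RANGES)

def longest_prefix_match(routes, ip: str):
    """routes: [(cidr, next_hop), ...]. A router picks the most specific matching
    route; '0.0.0.0/0' is the default route that matches everything."""
    best_len, best_hop = -1, None
    for cidr, hop in routes:
        if contains(cidr, ip):
            plen = parse_cidr(cidr)[2]
            if plen > best_len:
                best_len, best_hop = plen, hop
    return best_hop
```

A real router stores the table in a trie keyed on those prefix bits rather than scanning a list, but the decision rule is the same: among the routes that match, the longest prefix wins, which is also why a leaked or hijacked more-specific prefix pulls traffic away from the legitimate, shorter one.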


SSL/TLS
(TLS: newer version of SSL)

When you send a packet on the internet, LOTS of
people can potentially read it (unencrypted wifi,
every router along the way):

  eavesdropper: "that person is sending email with pie recipes. HMMM."

SSL encrypts your packets:

  before:                           after:
  to:   4.9.32.44 port 443          to:   4.9.32.44 port 443    <- IP address + port
  from: 31.99.1.2 port 9999         from: 31.99.1.2 port 9999      stay the same
  "here is my secret pie recipe"    "9)kk;JJ042,25S..."         <- 443 is the usual SSL port

  eavesdropper: "never gonna get the secret pie recipe NOW!"

(Note what stays visible: anyone in the middle can still see who
you're talking to, the IP + port and usually the hostname too,
just not what you're saying.)

What happens when you go to https://jvns.ca:

  client -> server: "hello!"
  server -> client: "here's my SSL certificate"
  client -> server: "my half of the key exchange"
  server -> client: "my half of the key exchange"
  (very simplified)

Once the client and server agree on a key for the session,
they can encrypt all the communication they want.

To see the certificate for jvns.ca, run:

$ openssl s_client -connect jvns.ca:443 -servername jvns.ca

TLS is really complicated. You can use a tool like SSL Labs
to check the security of your site.


wireshark

Wireshark is a great tool for packet analysis.

Here's an exercise to learn it! Run this:

$ sudo tcpdump port 80 -w http.pcap

While that's running, open metafilter.com in your browser.
Then press Ctrl+C to stop tcpdump. Now we have a pcap!
Open http.pcap with Wireshark.
(If the site redirects you to HTTPS, port 80 will only show
the redirect; everything after that is encrypted on port 443.)

Some questions you can try to answer:

(1) What HTTP headers did your browser send to
    metafilter.com?
    (hint: filter on   frame contains "GET "   )

(2) How many packets were exchanged with
    metafilter.com's server?
    (hint: filter on   ip.dst == 54.1.2.3   and put the IP
     from `ping metafilter.com` in place of 54.1.2.3)

Wireshark makes it easy to look at:
  * IP addresses and ports
  * SYNs and ACKs for TCP traffic
  * exactly what's happening with DNS requests
  * and so much more! It's a great way to poke
    around and learn.


thanks for reading!

If you want to know more about networking:

-> make network requests! play around with them!

-> Beej's guide to network programming is a
   useful + funny guide to the socket API
   on Unix systems.
   beej.us/guide/bgnet

-> High Performance Browser Networking
   is a *fantastic* and practical guide on
   what you need to know about networking to
   make fast websites.
   You can read it for free at: hpbn.co

Thanks to Kamal Marhubi, Chris Kanich, and
Ada Munroe for reviewing this!

like this? more at wizardzines.com

CC-BY-NC-SA wizard industries 2017


